path: root/datapath-windows/ovsext/Conntrack.h
/*
 * Copyright (c) 2015, 2016 VMware, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __OVS_CONNTRACK_H_
#define __OVS_CONNTRACK_H_ 1

#include "precomp.h"
#include "Flow.h"

/*
 * Network-layer address of one side of a tracked connection.
 *
 * All four members live in one anonymous union and therefore alias the same
 * storage.  Which member is meaningful is not recorded here; presumably it
 * follows the address family of the enclosing key -- TODO confirm.
 *
 * NOTE(review): writing only the 4-byte IPv4 member leaves the remaining
 * bytes of the union untouched.  If keys are ever hashed or compared as raw
 * memory, confirm they are zeroed before being filled in.
 */
struct ct_addr {
    union {
        ovs_be32 ipv4;                /* IPv4 address. */
        struct in6_addr ipv6;         /* IPv6 address. */
        uint32_t ipv4_aligned;        /* Same bytes as 'ipv4', as uint32_t. */
        struct in6_addr ipv6_aligned; /* Same bytes and type as 'ipv6'. */
    };
};

/*
 * One side of a tracked connection: an address plus a transport-level
 * identifier.
 *
 * The anonymous union overlays 'port' with the ICMP fields, so 'port' and
 * 'icmp_id' occupy the same bytes and 'icmp_type'/'icmp_code' follow them.
 * Presumably 'port' is used for TCP/UDP and the ICMP members for ICMP --
 * TODO confirm against the code that fills the key.
 */
struct ct_endpoint {
    struct ct_addr addr;
    union {
        ovs_be16 port;
        struct {
            ovs_be16 icmp_id;
            uint8_t icmp_type;
            uint8_t icmp_code;
        };
    };
    /* Explicit padding member.  NOTE(review): presumably expected to be zero
     * so that byte-wise hashing/comparison of endpoints is stable -- confirm. */
    UINT16 pad;
};

/*
 * Result type returned by the OvsConntrackUpdate*Entry() functions declared
 * in this header.
 *
 * CT_UPDATE_INVALID is the first enumerator and therefore has the value 0,
 * so a zero-initialized CT_UPDATE_RES reads as "invalid".
 * NOTE(review): the per-value meanings below are inferred from the names;
 * confirm against the update functions.
 */
typedef enum CT_UPDATE_RES {
    CT_UPDATE_INVALID,  /* Presumably: packet does not fit the entry's state. */
    CT_UPDATE_VALID,    /* Presumably: packet accepted for the existing entry. */
    CT_UPDATE_NEW,      /* Presumably: packet should start a new connection. */
} CT_UPDATE_RES;

/* Metadata mark for a masked write to the conntrack mark. */
typedef struct MD_MARK {
    UINT32 value;   /* Mark bits to write. */
    UINT32 mask;    /* Presumably selects which bits of the mark are
                     * overwritten by 'value' -- TODO confirm. */
} MD_MARK;

/* Metadata labels for a masked write to the conntrack labels. */
typedef struct MD_LABELS {
    struct ovs_key_ct_labels value;  /* Label bits to write. */
    struct ovs_key_ct_labels mask;   /* Presumably selects which label bits
                                      * are overwritten -- TODO confirm. */
} MD_LABELS;

/*
 * Key describing one direction of a connection: both endpoints, the protocol
 * identifiers and the zone, followed by two traffic counters.
 *
 * NOTE(review): the member types leave room for compiler-inserted padding
 * (for example after the UINT8 'nw_proto'), and 'packetCount'/'byteCount'
 * are stored inside the key itself.  If the lookup code hashes or compares
 * this struct as raw bytes, the key must be fully zero-initialized and the
 * counters kept out of the hashed/compared range, otherwise lookups can miss
 * existing entries -- confirm against the implementation.
 */
typedef struct _OVS_CT_KEY {
    struct ct_endpoint src;
    struct ct_endpoint dst;
    UINT16 dl_type;       /* Presumably the Ethernet type -- TODO confirm. */
    UINT8 nw_proto;       /* Presumably the IP protocol number -- TODO confirm. */
    UINT16 zone;          /* Conntrack zone. */
    UINT64 packetCount;   /* Counter; unit and update site not shown here. */
    UINT64 byteCount;     /* Counter; unit and update site not shown here. */
} OVS_CT_KEY, *POVS_CT_KEY;

/*
 * One tracked connection.
 *
 * Holds two keys ('key' and 'rev_key', presumably the original and the reply
 * direction -- TODO confirm), timing information, list linkage and the
 * mark/labels metadata attached to the connection.
 */
typedef struct OVS_CT_ENTRY {
    OVS_CT_KEY  key;
    OVS_CT_KEY  rev_key;
    /* Written by OvsConntrackUpdateExpiration() as 'now + interval'. */
    UINT64      expiration;
    /* List linkage; presumably chains the entry into a hash bucket and is
     * mapped back to the entry with CONTAINER_OF -- TODO confirm. */
    LIST_ENTRY  link;
    UINT32      mark;
    UINT64      timestampStart;
    struct ovs_key_ct_labels labels;
} OVS_CT_ENTRY, *POVS_CT_ENTRY;

/*
 * Working state for one connection lookup: the key being looked up, the
 * entry it resolved to, its hash and two direction/relationship flags.
 *
 * NOTE(review): 'entry' is a raw pointer into the connection table.  This
 * header shows no reference counting, so presumably it is only valid while
 * the caller holds whatever lock protects the table -- confirm.
 */
typedef struct OvsConntrackKeyLookupCtx {
    OVS_CT_KEY      key;
    POVS_CT_ENTRY   entry;     /* Presumably NULL when nothing matched. */
    UINT32          hash;      /* Hash associated with 'key'. */
    BOOLEAN         reply;     /* Presumably: packet is in reply direction. */
    BOOLEAN         related;   /* Presumably: packet relates to another
                                * connection -- TODO confirm. */
} OvsConntrackKeyLookupCtx;

/*
 * Sizing and timing constants for the connection table.
 *
 * NOTE(review): this header fixes the hash table size and the timeouts but
 * defines no upper bound on the number of tracked entries.  Entries are
 * created from packet traffic, so confirm that the implementation limits
 * table growth.
 */
/* Hash table size: 1 << 10 = 1024. */
#define CT_HASH_TABLE_SIZE ((UINT32)1 << 10)
/* Size minus one; usable as an index mask because the size is a power of
 * two. */
#define CT_HASH_TABLE_MASK (CT_HASH_TABLE_SIZE - 1)
/* 10,000,000 time units per second, i.e. one unit is 100 ns. */
#define CT_INTERVAL_SEC 10000000LL //1s
/* Entry lifetime of two minutes; the use site is not shown in this header. */
#define CT_ENTRY_TIMEOUT (2 * 60 * CT_INTERVAL_SEC)   // 2m
/* Two minutes; presumably the period of the cleanup pass -- TODO confirm. */
#define CT_CLEANUP_INTERVAL (2 * 60 * CT_INTERVAL_SEC) // 2m


/* Given POINTER, the address of the given MEMBER in a STRUCT object, returns
   the STRUCT object.

   The result is computed by subtracting offsetof(STRUCT, MEMBER) from
   POINTER as a char pointer and casting through void *, so the compiler
   performs no type checking: POINTER must really point at MEMBER inside a
   live STRUCT object, otherwise the returned pointer refers to memory
   outside any such object.  POINTER is evaluated once. */
#define CONTAINER_OF(POINTER, STRUCT, MEMBER)                           \
        ((STRUCT *) (void *) ((char *) (POINTER) - \
         offsetof (STRUCT, MEMBER)))

/*
 * Set the expiration time of 'ctEntry' to 'now' + 'interval'.
 *
 * The sum is computed as a signed long long and then stored into the
 * entry's UINT64 'expiration' field.  'ctEntry' is dereferenced without a
 * NULL check, so callers must pass a valid entry.
 *
 * NOTE(review): 'now' and 'interval' presumably use the same time unit as
 * CT_INTERVAL_SEC -- confirm against the callers.
 */
static __inline void
OvsConntrackUpdateExpiration(OVS_CT_ENTRY *ctEntry,
                             long long now,
                             long long interval)
{
    const long long deadline = now + interval;

    ctEntry->expiration = deadline;
}

/* Conntrack module teardown and setup.
 * NOTE(review): presumably paired; confirm cleanup is safe to call after a
 * failed or partial init. */
VOID OvsCleanupConntrack(VOID);
NTSTATUS OvsInitConntrack(POVS_SWITCH_CONTEXT context);

/* Runs the conntrack action described by attribute 'a' on 'curNbl'.
 * NOTE(review): if PNL_ATTR is a pointer typedef, 'const' here qualifies the
 * pointer itself, not the attribute data it points to. */
NDIS_STATUS OvsExecuteConntrackAction(PNET_BUFFER_LIST curNbl,
                                      OVS_PACKET_HDR_INFO *layers,
                                      OvsFlowKey *key,
                                      const PNL_ATTR a);
/* Header validators.  Both take only a header pointer and no length, so the
 * caller is responsible for ensuring the complete header is readable before
 * calling.  NOTE(review): confirm this at each call site. */
BOOLEAN OvsConntrackValidateTcpPacket(const TCPHdr *tcp);
BOOLEAN OvsConntrackValidateIcmpPacket(const ICMPHdr *icmp);
/* Creates a connection entry for a TCP packet.  Ownership of the returned
 * entry and the failure value (presumably NULL) are not visible here --
 * TODO confirm. */
OVS_CT_ENTRY * OvsConntrackCreateTcpEntry(const TCPHdr *tcp,
                                          PNET_BUFFER_LIST nbl,
                                          UINT64 now);
/* Presumably writes the TCP protocol info of 'conn_' into 'nlBuf' as netlink
 * attributes -- TODO confirm. */
NDIS_STATUS OvsCtMapTcpProtoInfoToNl(PNL_BUFFER nlBuf,
                                     OVS_CT_ENTRY *conn_);
/* Entry constructors for ICMP and for other protocols; they take only the
 * current time. */
OVS_CT_ENTRY * OvsConntrackCreateOtherEntry(UINT64 now);
OVS_CT_ENTRY * OvsConntrackCreateIcmpEntry(UINT64 now);
/* Per-protocol update functions.  'reply' is a direction flag and 'now' the
 * current time; the result is a CT_UPDATE_RES value. */
enum CT_UPDATE_RES OvsConntrackUpdateTcpEntry(OVS_CT_ENTRY* conn_,
                                              const TCPHdr *tcp,
                                              PNET_BUFFER_LIST nbl,
                                              BOOLEAN reply,
                                              UINT64 now);
enum CT_UPDATE_RES OvsConntrackUpdateOtherEntry(OVS_CT_ENTRY *conn_,
                                                BOOLEAN reply,
                                                UINT64 now);
enum CT_UPDATE_RES OvsConntrackUpdateIcmpEntry(OVS_CT_ENTRY* conn_,
                                               BOOLEAN reply,
                                               UINT64 now);
/* Builds a netlink message for 'entry' in 'outBuffer'.
 * NOTE(review): 'outBufLen' is presumably the capacity of 'outBuffer' in
 * bytes; the implementation must never write past it and should fail
 * cleanly when the message does not fit -- confirm. */
NTSTATUS
OvsCreateNlMsgFromCtEntry(POVS_CT_ENTRY entry,
                          PVOID outBuffer,
                          UINT32 outBufLen,
                          UINT8 eventType,
                          UINT32 nlmsgSeq,
                          UINT32 nlmsgPid,
                          UINT8 nfGenVersion,
                          UINT32 dpIfIndex);
#endif /* __OVS_CONNTRACK_H_ */